You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/howto-registration-mfa-sspr-combined-troubleshoot.md
-17Lines changed: 0 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -51,13 +51,6 @@ The following table lists all audit events generated by combined registration:
51
51
| --- | --- |
52
52
| I don't have the option to add a particular method. | 1. Determine whether the method is enabled for Multi-Factor Authentication or for SSPR. <br> 2. If the method is enabled, save the policies again and wait 1-2 hours before testing again. <br> 3. If the method is enabled, ensure that the user hasn't already set up the maximum number of that method that they're allowed to set up.|
53
53
54
-
## Disable combined registration
55
-
56
-
When a user registers a phone number and/or mobile app in the combined registration experience, our service stamps a set of flags (StrongAuthenticationMethods) for those methods on that user. This functionality allows the user to perform Multi-Factor Authentication with those methods whenever Multi-Factor Authentication is required.
57
-
58
-
If an admin enables combined registration, users register through the combined registration experience, and then the admin disables combined registration, users might unknowingly be registered for Multi-Factor Authentication also.
59
-
60
-
If a user who has completed combined registration goes to the legacy self-service password reset (SSPR) registration page at [https://aka.ms/ssprsetup](https://aka.ms/ssprsetup), the user will be prompted to perform Multi-Factor Authentication before they can access that page. This step is expected from a technical standpoint, but it's new for users who were previously registered for SSPR only. Though this extra step does improve the user's security posture by providing another level of security, admins might want to roll back their users so that they're no longer able to perform Multi-Factor Authentication.
61
54
62
55
### How to roll back users
63
56
@@ -142,16 +135,6 @@ In a PowerShell window, run the following command, providing the script and user
142
135
143
136
`<script location> -path <user file location>`
144
137
145
-
### Disable the updated experience
146
-
147
-
To disable the updated experience for your users, complete these steps:
148
-
149
-
1. Sign in to the Azure portal as a user administrator.
150
-
2. Go to **Azure Active Directory** > **User settings** > **Manage user feature settings**.
151
-
3. Under **Users can use the combined security information registration experience**, set the selector to **None**, and then select **Save**.
152
-
153
-
Users will no longer be prompted to register by using the updated experience.
154
-
155
138
## Next steps
156
139
157
140
*[Learn more about combined registration for self-service password reset and Azure AD Multi-Factor Authentication](concept-registration-mfa-sspr-combined.md)
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments